SMB permissions broken after update to 12.0-U4

gegtor

Explorer
Joined
Sep 16, 2017
Messages
99
Hello everyone

I just updated from 12.0-U2.1 to TrueNAS-12.0-U4 and all my SMB shares stopped working (permission denied)

I saw this in release notes and I assume it's caused by this because all my shares had the user set to root
TrueNAS "root" user account cannot be an SMB user.This is an intentional change to improve software security and suitability for deployment in a variety of environments. Update the SMB configuration to use a different user account.

So after some reading here is what I did
-I deleted all SMB shares configs
-I stripped any ACLs
-Made new ACLs with a new user (not root) and full access from group and user
-Applied recursively
-Made new share configs with the same settings as the old ones

After that defying all logic it still doesn't work
-User is in the needed group
-All files have new permissions that allow access from that group

Had to revert to U2.1 for the time

I'm attaching my before and after ACLs (ignore that its a different folder) and share config

What I'm missing? Probably something very obvious haha
Thanks in advance
 

Attachments

  • Screenshot 2021-06-02 at 05.17.34.png
    Screenshot 2021-06-02 at 05.17.34.png
    596.2 KB · Views: 277
  • Screenshot 2021-06-02 at 05.17.47.png
    Screenshot 2021-06-02 at 05.17.47.png
    541.3 KB · Views: 322
  • Screenshot 2021-06-02 at 05.28.55.png
    Screenshot 2021-06-02 at 05.28.55.png
    513.7 KB · Views: 245

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,691
Suggest you change the shares to use non-root users while staying in U2.1
After that has been done successfully... then you can upgrade via U3.1 and then U4. Wait to see if anyone reports a similar issue.
 
Joined
Jun 2, 2019
Messages
591
No issues here with SMB shares after upgrading to TrueNAS-12.0-U4
 
Last edited:

gegtor

Explorer
Joined
Sep 16, 2017
Messages
99
Can you PM me a debug?
Unfortunately, I can't since I'm now back on U2.1


Suggest you change the shares to use non-root users while staying in U2.1
After that has been done successfully... then you can upgrade via U3.1 and then U4. Wait to see if anyone reports a similar issue.
I will try that on the weekend and report back
 

gegtor

Explorer
Joined
Sep 16, 2017
Messages
99
How do I update to U3.1?
Suggest you change the shares to use non-root users while staying in U2.1
After that has been done successfully... then you can upgrade via U3.1 and then U4. Wait to see if anyone reports a similar issue.
 

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,691
The updates should be available via the WebUI... what choices are you given?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I don't see any reason why U3.1 would work, but U4 wouldn't. Based on the screenshot it looks like you are using vfs_full_audit. If the VFS operations that you are trying to log do not exist in Samba 4.12, access to the share will be denied (fail safe regarding auditing).
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Why would vfs_full_audit not work in U4?
It works, but you need to understand that vfs_full_audit is intrinsically dependent on the underlying VFS implementation in Samba (its parameters explicitly reference VFS functions). The VFS in samba is in the process of a rewrite. Samba 4.12 removed / replaced many VFS functions and you will need to alter your logging parameters accordingly. See man vfs_full_audit in TrueNAS 12.0-U4 for a list of supported logging parameters.
 

RushFan

Cadet
Joined
Jun 17, 2021
Messages
7
I'm new to TrueNAS since March 2021, currently running TrueNAS core 12.0-U4.
I installed from the TrueNAS-12.0-U2.1.iso, created a user and a group, and set up a few pools and datasets, etc.
I could read, write and map the shares on my pcs, and had full access to them on my macs as well.
I had Plex working, and I configured various mac and pc backups.

I was in newbie heaven for about 2 months, until my main pc started giving me the following message:
Network Error
Windows cannot access \\TRUENAS\Media
You do not have permission to access \\TRUENAS\Media. Contact your network administrator to request access.

This access/permissions problem spread to all of my pcs, and now to my macs.
I now have no access to my media shares or my backups, but I can still see the TrueNAS dashboard and Plex can play its media files..
I have googled this from the Windows 10 side and the TrueNAS side and I cannot find a solution.
 

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,691
I'm new to TrueNAS since March 2021, currently running TrueNAS core 12.0-U4.
I installed from the TrueNAS-12.0-U2.1.iso, created a user and a group, and set up a few pools and datasets, etc.
I could read, write and map the shares on my pcs, and had full access to them on my macs as well.
I had Plex working, and I configured various mac and pc backups.

I was in newbie heaven for about 2 months, until my main pc started giving me the following message:
Network Error
Windows cannot access \\TRUENAS\Media
You do not have permission to access \\TRUENAS\Media. Contact your network administrator to request access.

This access/permissions problem spread to all of my pcs, and now to my macs.
I now have no access to my media shares or my backups, but I can still see the TrueNAS dashboard and Plex can play its media files..
I have googled this from the Windows 10 side and the TrueNAS side and I cannot find a solution.

I'd recommend you start a new thread with the issue. But please gather all the info on your dataset ACLs and permissions and users are grouped. No-one can diagnose a problem without all the relevant detail. This is not a reported problem, so its likely to be a configuration issue.
 

RushFan

Cadet
Joined
Jun 17, 2021
Messages
7
Will do, thank you.
 

Evoblade

Cadet
Joined
Jun 29, 2021
Messages
1
I'm having a similar issue to OP, in that after the upgrade to U4 my SMB shares simply cannot even be connected to. As in, they have dropped off of the network and I can't even connect to the server via SMB. Had some issues with the PLEX server as well. Dashboard is fine, selected to boot from U3 and everything works fine again.
 
Top